The chief executive of global IT security business Kaspersky Lab says financial services firms now have most to fear from criminals

Don’t ask Eugene Kaspersky about Russian president Vladimir Putin’s plans for Ukraine or the potential consequences of Western sanctions against Russia.

While Kaspersky Lab is probably the biggest international Russian brand outside vodka, its chief executive is at pains to stress that it is now a global company, with its holding group registered in the UK.

Computer viruses are what he really likes talking about. This month’s Heartbleed attacks on Android phones are the latest incarnation of a global problem, with 315,000 reports coming in daily to Kaspersky Lab’s Moscow research headquarters.

Kaspersky, 48, is keen to get the definitions right. “Heartbleed isn’t a virus,” he says. “It’s a security vulnerability – something resembling a weak door lock that can be easily opened without the key.

“The problem here is that the model of the lock happens to be one of the most popular on the market. Use of the vulnerable OpenSSL encryption system is very widespread on the internet. It’s used to protect websites, email servers, and various internet messenger systems.

“If the flaw in an unpatched version of OpenSSL on a server is exploited, a savvy attacker with nothing more than an internet connection would be able to read the memory of that server, thereby giving access to very sensitive data such as digital certificates, private encryption keys, log-ins and passwords and so on, which often sit in a server’s system memory. Clearly, the impact of this is potentially very far-reaching.

“For individuals, the Heartbleed vulnerability could lead to their private data and social network accounts being compromised, while the worst-case scenario would be losing money if their online banking credentials are accessed.

“For businesses, governments and other institutions, there’s the risk of losing confidential and even top-secret information, which could be very damaging indeed.”

It’s good news, however, for Kaspersky Lab. Fourth among global anti-virus vendors behind Symantec’s Norton, Intel-owned McAfee and Japan’s Trend Micro, the company now has annual revenues of about $700m (£417m).

Fifteen years after opening its first overseas base in Cambridge, it has offices in 30 countries and 2,800 staff, including 120 in Britain, where it has just opened a new headquarters near London’s Paddington Station.

The company works through partners in virtually every country except North Korea, providing protection to 300m users worldwide and more than 250,000 corporate clients.

Direct sales to individuals represent 60pc of revenues, while business customers include Ferrari and French luxury goods group LVMH, as well as the Metropolitan Police and Plymouth University in the UK.

The company says it finds 12 new very serious computer attacks daily, with financial services firms currently the biggest targets. Kaspersky sees the threats spreading to new sectors.

“The threats will diversify to mobile phones and to the home environment, such as through televisions, which are now connected to the internet,” he says.

“There are millions of attacks a year on Microsoft Windows, thousands on mobile phones, mostly on Android, and dozens on Apple’s iOS.

“But more and more engineers are developing software for Android. All the systems are vulnerable and I am afraid it is very possible to see the scenario of bad guys developing malware for iOS. Technically, it is possible to infect millions of devices. Internet-enabled TV sets use both Android and Linux.”

Has anyone produced a successful virus for televisions? “Not yet,” says Kaspersky, “but it will happen.

“It’s just a question of time. We already have a product for mobile and we have a prototype for TV, so we are ready to address this issue when new malware for TV is released by criminals.

“But the worst threats are going to be attacks on critical infrastructure and its physical environment, which is managed by IT systems: power plants, factories, sea ports and aeroplanes for terrorism and sabotage. Many of these systems were designed 20, 30 or 40 years ago when cyber sabotage did not exist.

“Now it’s a different era. I’m afraid that we will see very bad attacks with real damage on the critical infrastructure because it is managed by computer systems that are vulnerable.”

Kaspersky developed an interest in computers as a teenager and majored in mathematical engineering at an institute co-sponsored by the Russian ministry of defence and the KGB.

He then became involved in IT security when his computer became infected with the Cascade virus, writing a programme to disinfect the file. After that, a friend had a computer virus and gave Kaspersky a copy to fix. Others followed and the interest mushroomed.

“That was in 1989,” says Kaspersky. “From then until 1991, this was my hobby. Then I decided to convert this hobby into my day-to-day business.

“I started working in an anti-virus department of an IT company in Russia that was owned by one of my teachers, who had known me for years and thought I had a good project and idea.

“There wasn’t any investment. It was just a salary and office space, computers and a very little salary. At that point in the early 1990s, software engineers in Russia were paid just £200 a month. That was it.”

Kaspersky and partners, including his then wife Natalya, went independent in 1997, co-founding Kaspersky Lab.

Eugene and Natalya later divorced but stayed in business together, with Natalya serving variously as chairman and chief executive of Kaspersky Lab.

Until 2006, the couple accounted for 80pc of Kaspersky Lab’s shares, but she stepped down as chief executive in 2007 and sold her shares in 2012.

Kaspersky’s family has also been a victim of crime, with his son Ivan kidnapped in 2011 when he was 20 and his father’s wealth was estimated at $800m. Ivan was freed after three days.

In 2007, Kaspersky Lab made plans to list on the London Stock Exchange. The flotation never took place and the company remains owned by Kaspersky and co-founders Alexey de Mont de Rique and Vadim Bogdanov.

“The financial crisis damaged our plans a little bit,” he says, “but we were still working on that and we started to behave like a public company. Then we recognised that was making the company more bureaucratic, slower and not flexible. So I said we would not go public.”

Will he revisit these plans, given the current boom in flotations? Kaspersky shakes his head.

“Companies that go public have their reasons,” he says. “They need cash for investment or to make employees happy with stock option plans or to make their companies more transparent so that they report more or less everything.

“In our case, we don’t really need investors’ money. We are profitable. We do different things to make our employees happy and we have annual audits and are already transparent.

“It’s not like a religion that we will stay private forever, but we have no reasons to do it at the moment. The company goal is to provide the best computer security to our customers, not to earn all the money in the world. The vision is to save the cyber world, not to make investors happy,” he says.